Reply to Office Action of Feb. 4, 2005 

II. Remarks 

As a preliminary matter, the Applicant thanks the Examiner for noting that a certified copy 
of the priority Canadian application number 2,299,824 has not yet been filed. The Applicant will be 
submitting a certified copy of the priority application in due course. 

The Examiner rejected Claims 1-4 under 35 U.S.C. 102(e) as being anticipated by United 
States Patent No. 6,324,648 issued to Grantges ("Grantges"). Applicant responds to this rejection as 
per the below. 

Grantges teaches a computer system that provides authenticated access from a client 
computer over an insecure, public network to one of a plurality of authorized applications hosted by 
destination servers on a private, secure network. This authorized access is done through use of a 
client-side digital certificate. A firewall is disposed between the insecure, public network and the 
private network. A proxy server intercepts messages destined for the destination servers, and 
forwards the intercepted messages through the firewall to a gateway server on the private network. 

In response to the rejection of claims 1 and 3, Applicant has reviewed the specification of 
Grantges and submits that the system 20 is designed for establishing a first secure connection 52 
between the client computer 22 and the proxy server 34 (both located outside of the firewall 32), a 
second secure connection 54 between the proxy server and the application gateway server 38 (located 
behind the firewall), and a third secure connection 56 between the proxy server and the application 
gateway server. Applicant would like to direct the Examiner's attention to the teaching that the 
second secure connection is established to permit two-way real-time communication between the 
client computer 22 (through the proxy server) and the application gateway server for purposes of 
real-time bi-direction secure communication ultimately between the client computer and the 
authorized applications 24₁, 24₂, 24₃. Applicant can find no mention or even suggestion in Grantges 
of a polling operation for transmission of queued data across the firewall, as positively recited in 
amended claims 1 and 3 as further discussed below. 

Applicant submits Grantges teaches that establishment and use of the first secure connection 
is not across the firewall. Therefore the secure connection will not be discussed further, other than to 
note that initiation of the secure connection is done synchronously by the client computer (see 
column 8 lines 16 to 28), not through any polling action across the firewall by the application 
gateway server. 

Applicant submits Grantges teaches that establishment of the second secure connection is 
initiated by the client computer (through the proxy server), see column 6 lines 47 to 53, not through 
any polling action across the firewall by the application gateway server. The establishment of the 
second secure connection is done via two-way messages 72, 74 (see Figure 2 and column 8 lines 53 
to 60). Further, Applicant submits Grantges teaches that establishment of the third secure connection 
is initiated by the client computer (through the proxy server), similarly to the second secure 
connection, see column 7 lines 9 to 12. Applicant brings to the Examiner's attention that 
establishment of the second secure connection is also not through any polling action across the 
firewall by the application gateway server. 

Applicant submits Grantges teaches use of the third secure connection for the purpose of the 
client computer first requesting and then obtaining an "options page" from the application gateway 
server, which provides a list of authorized applications 24₁, 24₂, 24₃ for access by the client 
computer. Applicant brings to the Examiner's attention that Grantges teaches initiation of the use of 
the third secure connection is done by request of the client computer (via the proxy server) directed 
across the firewall to the application gateway server, not through any polling action across the 
firewall by the application gateway server 38, as evidenced by the two-way messages 76, 78 of 
Figure 2 (see column 9 lines 19 to 25). 

Applicant submits Grantges teaches use of the second secure connection for the purpose of 
the client computer first requesting and then obtaining access to one of the selected authorized 
applications, in real-time. This real-time access is described by Grantges with reference to message 
80 (from the client computer and the proxy server) and message 82 (from the proxy server across the 
firewall to the application gateway server), see Figure 2 and column 9 lines 25 to 34. It is noted that 
communication between the client computer and the authorized application(s) across the firewall is 
described as initiated by the client computer (via the proxy server), not through any polling action 
across the firewall by the application gateway server 38. Further, Grantges describes that once the 
application gateway server 38 receives the message 82, the message 82 is then routed via connections 
58, 60, 62 (see column 9 lines 34 to 35 and column 12 lines 1 to 5). 

Further, Applicant directs the Examiner's attention to other teachings of Grantges concerning 
communication initiated from the proxy server across the firewall to the application gateway server, 
namely: column 3 lines 26 to 29 and column 4 lines 33 to 65. 

Accordingly, in view of the above, Applicant submits that Grantges teaches a system 20 only 
for providing two-way secure real-time communication across the firewall situated between the 
proxy server and the application gateway server, with the ultimate message destination being the 
authorized applications also sitting inside the firewall. Applicant is of the opinion that Grantges 
neither teaches nor suggests the use of a polling server to "pull across the firewall the received data 
from the queue of the proxy server to the polling server", as presently claimed in amended claims 1 
and 3 of the subject application. Grantges therefore does not include a polling server which 
periodically queries a proxy server for information; rather, as outlined above, in the Grantges system, 
the proxy server actively routes and forwards messages through the firewall in real-time by the 
creation of the active two-directional ports (e.g. connections 54 and 56). 

Applicant has amended claims 1 and 3 of the present application as follows: 

1. A secure network resource access system for facilitating access to a network resource located 
behind a firewall, the secure network resource access system comprising: 

a proxy server located logically outside the firewall for receiving data from a data source 
located outside the firewall, the proxy server having a queue for storing the received data; and 

a polling server located logically behind the firewall, the polling server being configured for 
polling the proxy server to pull the received data across the firewall from the queue of the proxy 
server to the polling server; and 

3. A method for facilitating secure access to a network resource located behind a firewall, the method 
comprising the steps of: 

storing received data in a queue of a proxy server, the received data from a data source 
located outside the firewall; and 

polling the proxy server located logically outside the firewall by a polling server located 
logically inside the firewall, the polling being to pull across the firewall the received data from the 
queue of the proxy server to the polling server. 

Accordingly, and as is clearly recited in the above amended claims 1 and 3, the present 
invention, by contrast, includes the polling server, which periodically queries the proxy server for 
received data. While the Applicant is of the opinion that the nature of the proxy and polling servers 
of the present invention would have been clear to a person skilled in the art upon reading the 
Description of the invention as-filed, the Applicant has amended independent claims 1 and 3 to 
further clarify the nature of the invention. 


Appl. No. 09/926,436 

Amdt. dated May 4, 2005 


Support for these amendments can be found at page 2, paragraph [0023]: 

Preferably, the proxy server 114 is located on-site at the enterprise responsible for administering the 
network resource 104, is provided with a network address corresponding to the enterprise, and 
includes a queue for receiving application data, 
and at page 2, paragraph [0024]: 

The polling server 116 is in communication with the enterprise server 118, and is configured to 
periodically poll the proxy server 114 through the firewall to determine whether application data from 
a network terminal 200 is waiting in the queue of the proxy server 114. The proxy server 114 is 
configured to transmit any queued application data to the polling server 116 in response to the poll 
signal from the polling server 116. 

and at page 7, paragraph [0064]: 

The polling server 116 associated with the network resource 104 will poll the proxy server 114 to 
determine the status of the queue. Upon receipt of a polling signal from the polling server 116, the 
proxy server 114 transmits any queued application data from the proxy server queue, through the 
firewall, to the polling server 116. The polling server 116 then extracts the network address from the 
received application data, and transmits the application data to the appropriate server 118 or network 
resource 104 for processing. 
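The queue-and-poll arrangement recited in paragraphs [0023], [0024] and [0064] can be modelled as follows. This is an added illustration, not code from the application or from Grantges; the firewall policy (connections opened from inside only), the address strings, the payloads and the handling of an unknown address are assumptions made for the example.

```python
from collections import deque

class Firewall:
    """Assumed policy: connections may be opened from inside only."""
    def allows(self, src_zone, dst_zone):
        return not (src_zone == "outside" and dst_zone == "inside")

class ProxyServer:
    """Sits outside the firewall; stores received data, never pushes it in."""
    zone = "outside"
    def __init__(self):
        self.queue = deque()
    def receive(self, network_address, payload):
        self.queue.append((network_address, payload))
    def handle_poll(self):
        # Reply to a poll with everything queued, then empty the queue.
        items, self.queue = list(self.queue), deque()
        return items

class PollingServer:
    """Sits behind the firewall; every transfer starts with its own poll."""
    zone = "inside"
    def __init__(self, firewall, proxy, resources):
        self.firewall, self.proxy, self.resources = firewall, proxy, resources
        self.unroutable = []
    def poll_once(self):
        if not self.firewall.allows(self.zone, self.proxy.zone):
            raise PermissionError("poll blocked by firewall")
        delivered = 0
        for address, payload in self.proxy.handle_poll():
            inbox = self.resources.get(address)
            if inbox is None:  # assumption: unknown address is held, not routed
                self.unroutable.append((address, payload))
                continue
            inbox.append(payload)  # route by the extracted network address
            delivered += 1
        return delivered

def run_demo():
    fw, proxy = Firewall(), ProxyServer()
    resources = {"resource-104": [], "server-118": []}  # constructed addresses
    poller = PollingServer(fw, proxy, resources)
    proxy.receive("resource-104", b"job-1")             # constructed sample data
    proxy.receive("server-118", b"job-2")
    proxy.receive("unknown-host", b"job-3")
    push_allowed = fw.allows(proxy.zone, poller.zone)   # a proxy-initiated push
    delivered = poller.poll_once()
    return push_allowed, delivered, resources, poller.unroutable, len(proxy.queue)
```

In this model the only traffic that crosses the firewall is the reply to a poll opened from inside, so the firewall needs no rule admitting connections initiated by the proxy server.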

Further, Applicant notes the Examiner's rejection of claims 2 and 4 of the present application 
but considers this rejection moot in view of the above discussed amendments and discussion of 
claims 1 and 3. Further, Applicant requests consideration of newly submitted claims 5 to 19. 

Further, Applicant notes the prior art made of record but not relied upon. 
It is believed that the above remarks and amendments submitted herein have placed this 
present application in condition for allowance, and a Notice thereof is requested. Further, Applicant 
submits that no new matter has been introduced into the subject application by the foregoing 
amendments. If the Examiner has further concerns, he is encouraged to contact Applicant's 
undersigned agent at 416-862-4318. All correspondence should continue to be directed to listed 
address shown below. 

Respectfully submitted, 

Grant Tisdall 
Agent for Applicants 
Registration No. 53,902 

GOWLING LAFLEUR HENDERSON LLP 
Suite 4900 

Commerce Court West 
Toronto, Ontario 
Canada M5L 1J3 
Facsimile: (416) 862-7661 
